Combining Healthcare Standards with Other RESTful APIs. Brad Genereaux, Product Manager, Agfa HealthCare; Co-chair, DICOM WG-27 Web Technologies; Co-chair, HL7 Imaging Integration / DICOM WG-20. @IntegratorBrad


Page 1: Combining Healthcare Standards with Other RESTful APIs

Combining Healthcare Standards with Other RESTful APIs

Brad Genereaux
Product Manager, Agfa HealthCare
Co-chair, DICOM WG-27 Web Technologies
Co-chair, HL7 Imaging Integration / DICOM WG-20

@IntegratorBrad

Page 2: Combining Healthcare Standards with Other RESTful APIs

Disclosures
• Product Manager at Agfa HealthCare
• Co-chair of DICOM WG-27 Web Technologies
• Co-chair of HL7 Imaging Integration / DICOM WG-20

Page 3: Combining Healthcare Standards with Other RESTful APIs

Learning Objectives
• By the end of this presentation, attendees should be able to:
  • Understand the value in connecting non-healthcare REST APIs
  • Understand the general methods to accomplish this
  • Understand the risks and mitigation strategies in doing this

Page 4: Combining Healthcare Standards with Other RESTful APIs

Last Year at SIIM15…

Page 5: Combining Healthcare Standards with Other RESTful APIs

Healthcare Standards are at your Disposal

HL7® / FHIR®
• In production everywhere
• Use only the messages you want
• FHIR uses industry standard REST technologies

DICOMweb™
• Pull in images to enrich your patient and clinician experiences
• Pull in imaging meta-data to further enrich the detail you show

And More!
• Human API
• Radiology Gamuts
• RadReport API
• SWIM / TRIP
• RadLex Playbook

… but challenges expand beyond these domains ...

Page 6: Combining Healthcare Standards with Other RESTful APIs

My Eleventy Billion Dollar Innovation

The Innovation

“Hi Alex. You have an appointment today at 9:30am. Will you still be coming?”

“Yes.”

“Sally, before we can image you, is there any chance you might be pregnant?”

“Yes.”

“It is unsafe to proceed with your CT. We will release your CT slot to other patients, and follow-up with an MRI. How is Friday at 10am?”

Missed Appointment = $70
Avg Cancellation Rate = 20%
Annual Loss for 1,000 monthly visits = $168,000

Challenge – Connecting Telephony:
• Do you perform integrations into each PBX system or into each telephony provider?
• How do you guarantee up-time? What happens when an API changes?
• This quickly becomes untenable when scaling deployments

How can we maximize re-use and minimize effort?

Page 7: Combining Healthcare Standards with Other RESTful APIs

Someone else has solved your problem …

… but they may not be in the healthcare space ...

Page 8: Combining Healthcare Standards with Other RESTful APIs

Example API : Twilio

• Telephony REST API provider
• Enable your applications to
  • send out text messages
  • make phone calls
  • solicit input via voice or digit presses
  • text-to-speech and speech-to-text
• Simple to implement using “TwiML” language (XML-driven)

https://www.twilio.com

Page 9: Combining Healthcare Standards with Other RESTful APIs

Good APIs follow the “555” Rule

5 seconds to Documentation

5 minutes to Hello World

5 hours to Prototype

Page 10: Combining Healthcare Standards with Other RESTful APIs

Combine APIs to Innovate Exponentially

?

Page 11: Combining Healthcare Standards with Other RESTful APIs

Example API Aggregator : IFTTT

• If This, Then That
• “Consumerizes” API access for the end users
• Defines a “service” as an API endpoint
• Defines a “recipe” as a combination of two services with an action

https://ifttt.com

Page 12: Combining Healthcare Standards with Other RESTful APIs

Innovate with Building Blocks

Send myself a text five mins before my meeting

Call an Uber to take me to work when it rains

Log tweets on #SIIM16 to my notepad

Page 13: Combining Healthcare Standards with Other RESTful APIs

Innovate with Healthcare Standards

Call patients to remind them of appointments

Log all images with cancer to my notepad

When patient admitted to room, warm to 72 degrees

Call Uber to pick up patients for appointments without transport

Increase staff in ER during freezing rain forecasts

E-mail patient their images after each visit

Page 14: Combining Healthcare Standards with Other RESTful APIs

How to Connect to an API

Find Docs Register Play

Build Complete

5 seconds 5 minutes

5 hours

Page 15: Combining Healthcare Standards with Other RESTful APIs

What is an API key?
• This uniquely identifies you to the service
• The service may use it to collect usage metrics or for billing
• Usually passed as an HTTP header or query parameter

Page 16: Combining Healthcare Standards with Other RESTful APIs

Security
• Always use HTTPS
• Never post your application keys anywhere
• Nor embed the keys in a system at risk of being reverse-compiled
• Proxy calls to drive connectivity from servers where relevant (XSS)

Won’t work due to XSS
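Added example (not from the original slides): a Python sketch of the server-side proxy step recommended above, where the browser sends a request without any key and the server attaches the key to an HTTPS-only upstream call. The upstream URL, header name, environment variable and allowed paths are hypothetical placeholders.

```python
import os
import urllib.parse
import urllib.request

# Assumptions for this sketch: the upstream host, the header name and the
# environment variable are hypothetical placeholders, not a real provider's API.
UPSTREAM_BASE = "https://api.example.com/v1/"
KEY_HEADER = "X-Api-Key"
KEY_ENV_VAR = "TELEPHONY_API_KEY"
ALLOWED_PATHS = {"messages", "calls"}  # only what the front end needs


class ProxyError(Exception):
    """Raised when a browser request must not be forwarded."""


def build_upstream_request(path, params, environ=os.environ):
    """Turn a browser request (which carries no key) into the upstream call."""
    if not UPSTREAM_BASE.startswith("https://"):
        raise ProxyError("upstream must be HTTPS")
    if path not in ALLOWED_PATHS:
        # The proxy is not an open relay: unknown paths are refused.
        raise ProxyError("path not allowed: %r" % path)
    key = environ.get(KEY_ENV_VAR)
    if not key:
        raise ProxyError("API key not configured on the server")
    query = urllib.parse.urlencode(params)
    url = UPSTREAM_BASE + path + ("?" + query if query else "")
    req = urllib.request.Request(url, method="GET")
    # The key is added here, server-side, as a header. It never appears in
    # the URL (which ends up in logs) or in anything returned to the browser.
    req.add_header(KEY_HEADER, key)
    return req


def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    return {k: ("<redacted>" if k.lower() == KEY_HEADER.lower() else v)
            for k, v in headers.items()}
```

The key is read from the server's environment rather than from source code, which also covers the slide's point about not embedding keys in anything that ships to a client.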

Page 17: Combining Healthcare Standards with Other RESTful APIs

Privacy
• Understand the cloud environment where data is stored
• Need to understand your liability
• Understand methods to mitigate or control risk
  • i.e., two-factor authentication

Page 18: Combining Healthcare Standards with Other RESTful APIs

Testing
• Health data have structures that will break your apps
  • Both in your own application and in the API provider
  • i.e., looking up an address in Google Maps but the patient has no fixed address
• So, test both your core and edge cases
• Follow OWASP guidelines (https://www.owasp.org/index.php/Data_Validation)
• Handle HTTP errors you receive gracefully
• Know your rate limits
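Added example (not from the original slides): a Python sketch of the Testing points above, covering the missing-address edge case, input validation before the call, graceful handling of HTTP errors and a bounded response to rate limiting. The `fetch` callable standing in for the geocoding request, the limits and the status names are assumptions.

```python
import time
import urllib.error

MAX_ATTEMPTS = 3
MAX_WAIT_SECONDS = 30  # never trust an unbounded Retry-After value


def retry_after_seconds(err):
    """Read Retry-After from an HTTPError, clamped to a sane range."""
    try:
        wait = int(err.headers.get("Retry-After", "1"))
    except (TypeError, ValueError):
        wait = 1
    return max(0, min(wait, MAX_WAIT_SECONDS))


def lookup_address(address, fetch, sleep=time.sleep):
    """Geocode a patient address via `fetch`, a hypothetical callable that
    performs the HTTPS request and raises urllib.error.HTTPError on failure.
    Always returns a dict with a "status" key instead of raising."""
    # Edge case from the slide: the patient has no fixed address.
    if address is None or not address.strip():
        return {"status": "no_address"}
    cleaned = " ".join(address.split())
    if len(cleaned) > 200 or any(ord(c) < 32 for c in cleaned):
        return {"status": "invalid_input"}
    for attempt in range(1, MAX_ATTEMPTS + 1):
        try:
            return {"status": "ok", "result": fetch(cleaned)}
        except urllib.error.HTTPError as err:
            if err.code == 429 and attempt < MAX_ATTEMPTS:
                sleep(retry_after_seconds(err))  # honour the provider's limit
                continue
            if 500 <= err.code < 600 and attempt < MAX_ATTEMPTS:
                sleep(2 ** attempt)  # simple backoff for server-side faults
                continue
            kind = "rate_limited" if err.code == 429 else "upstream_error"
            return {"status": kind, "http_status": err.code}
        except urllib.error.URLError:
            return {"status": "unreachable"}
```

Because the transport and the sleep function are injected, both the core case and each failure case can be exercised in unit tests without calling the real provider.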

Page 19: Combining Healthcare Standards with Other RESTful APIs

Useful Links
• API Directory from Programmable Web: http://www.programmableweb.com
• API Conferences and Hackathons: http://devpost.com
• If This, Then That: http://ifttt.com
• Open Web Application Security Project (OWASP): https://www.owasp.org/index.php/Data_Validation

Page 20: Combining Healthcare Standards with Other RESTful APIs

Connect to APIs …

Find Docs Register Play

Build Complete

Page 21: Combining Healthcare Standards with Other RESTful APIs

… And Innovate Healthcare

Someone else has solved your problem …

Use their solutions to your advantage, to innovate and drive change

@IntegratorBrad